I'll paste a HijackThis log... who can advise me?
[Logfile of HijackThis v1.99.1
Scan saved at 20:34:26, on 2005–11–11
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\system32\mdms.exe
C:\WINDOWS\System32\rtf32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\GG\Gadu–Gadu\gg.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\win rar3.42 PL\WinRAR.exe
C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Rar$EX00.344\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: iMeshBar BHO – {5345A7A1–805A–4923–B505–86B2FEBA3FE0} – C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\Program Files\Spybot – Search & Destroy\SDHelper.dll
O2 – BHO: (no name) – {78364D99–A640–4ddf–B91A–67EFF8373045} – C:\WINDOWS\System32\appwiz.dll (file missing)
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar1.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: iMeshBar – {5345A7A9–805A–4923–B505–86B2FEBA3FE0} – C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar1.dll
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 – HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 – HKLM\..\Run: [rtf32.exe] rtf32.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Komunikator] E:\Program Files\Tlen.pl\tlen.exe
O4 – HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "E:\Program Files\GG\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00005.exe"
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O20 – Winlogon Notify: style32 – C:\WINDOWS\q62522296.dll (file missing)
O20 – Winlogon Notify: tcpG4T – tcpG4T.dll (file missing)
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) – Analog Devices, Inc. – C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe]
Please help... I have the impression that I have programs here that are harming the system...
Replies: 5
Well, I guess I'll just say thanks... because everything works OK now..:–
Definitely remove:
C:\WINDOWS\System32\rtf32.exe
O4 – HKLM\..\Run: [rtf32.exe] rtf32.exe
something like this gets pushed in by, for example, AdClicker 1.0.
Next:
O4 – HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00005.exe"
and this is a little trojan... it always has ibm0000X as part of its name, where X is a digit.
And nothing will happen if you throw this out:
O4 – HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
this is 99% a leftover from a screensaver, that nice one with the fish :D.
Regards .....
Repsamo (Cimuz), Stydler and Haxdoor.AG are what has settled into your system.
The files from damiancore's second code block are adware too.
Thank you, Damian... you're right... I have Avast... so I'll leave that for now... and I'll look through the rest... thank you :wink:
Well, that's better now, we'll work something out:
Remove:
C:\windows\system32\mdms.exe
O2 – BHO: (no name) – {78364D99–A640–4ddf–B91A–67EFF8373045} – C:\WINDOWS\System32\appwiz.dll (file missing)
O3 – Toolbar: iMeshBar – {5345A7A9–805A–4923–B505–86B2FEBA3FE0} – C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O4 – HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O20 – Winlogon Notify: style32 – C:\WINDOWS\q62522296.dll (file missing)
O20 – Winlogon Notify: tcpG4T – tcpG4T.dll (file missing)
I'm not sure about this one:
C:\WINDOWS\System32\rtf32.exe
O4 – HKLM\..\Run: [rtf32.exe] rtf32.exe
O4 – HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 – HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00005.exe"
And this is probably from Avast; if you don't have it, remove it.
O23 – Service: avast! Mail Scanner – Unknown owner – E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
But still wait for someone who can confirm or deny this.